Multi-Factor Authentication: Best Practices for Securing The Modern Digital Enterprise
From Ping Identity
Compromised credentials continue to be a top risk for breach with enterprises. It is not really that surprising when you consider the number of enterprises that still count on passwords as the single factor to authenticate users. Still others have moved to traditional two-factor authentication (2FA), but user experience and adoption can be poor with hard-tokens, not to mention very expensive. Enterprises must move to a more secure, more usable and more cost-effective model for authentication. This paper explores and recommends step-up MFA as a superior way to authenticate users.
This white paper proposes best practices for customer and enterprise deployments of step-up MFA. It explores a risk-based approach that combines dynamic step-up authentication with passive contextual mechanisms, such as geolocation and time of day. A risk-based approach provides a holistic assessment of users, their computing environment and the nature of the transaction they’re attempting to perform, with the end goal of applying proportionate authentication and authorization.